SlideShare une entreprise Scribd logo

"Esup CAS Packaging" : Deploy and customize easily a CAS4 server

L
Ludovic A

Github repository: https://github.com/EsupPortail/cas-toolbox-new Since 2003, the Esup-portail consortium has developed and has provided tools to facilitate CAS server implementation at french universities and establishments. This presentation will focus on the newest Esup CAS-toolbox v4 based on the Apereo CAS4 server distribution. CAS-toolbox is a tool for - Deploying a CAS server into an existing Tomcat installation, - Simplifying and centralizing CAS configuration, - Customizing the CAS server. The "new Esup cas-toolbox" is designed to handle different configuration and/or customization levels with Maven WAR overlays : - the 'cas-toolbox-core' folder contains the first level of Esup addons and preconfigurations to the original Apereo CAS server distribution. - the 'cas-toolbox-custom' folder only contains the specific configurations and customizations files of the institution. - the 'config.properties' file allows to centralize all properties.

Ingénierie
1  sur  34
Télécharger pour lire hors ligne
Open Apereo 2015 Higher Education ... Open Source in a New Age "Esup CAS Packaging": Deploy and customize easily a CAS4 server Ludovic Auxepaules UPMC, Paris, France https://github.com/EsupPortail/cas-toolbox-new 1
Few words about UPMC Pierre et Marie Curie University • UPMC Facts and Figures – French excellence in Medicine and Science – 18 sites across 4 regions in France • 15 in Paris region • 3 stations (Banyuls, Roscoff, Villefranche) – 34 000 students, of whom • 20% foreign students • 3300 doctoral candidates – 10 500 staffs, of whom • 8200 in research units (120 research laboratories) • Ludovic Auxepaules – At IT Department of UPMC since 2011 – Integration / Software Engineer – “Portal, Authentication and Authorizations” Projects – Github : https://github.com/auxepaul – Member of Esup-Portail Consortium 2Open Apereo 2015
The Esup-Portail Consortium Overview • Objectives – Facilitate learning and campus life for students... but also the daily work of the staff members – Pool development of digital services to divide costs between french universities – Share technological developments and new services – Conceive and plan for the evolution of portals, collaborative tools and mobile services • Nine knowledge areas (with “working groups”) – Portal solution (National “Digital Work Space” - “Espace Numérique de Travail” – ENT) – Mobile – Mail / Calendar solutions – Groups – OAE (Open Academic Environment) – Authentication – Document Management (DMS) – Analytics – Programming / Development • Collaborations with Apereo Foundation 3Open Apereo 2015
The Esup-Portail Consortium In Practice • 70 member institutions • Contributions from french universities and engineering schools • Esup-Days: 2 conferences a year in Paris – Esup-Days 19 & Apereo Europe in February 2015 • WebSite & Wiki: https://www.esup-portail.org/ • Github: https://github.com/EsupPortail • For more information – ESUP-Portail & OAE: Keys to success, Tomorrow from 2:30pm to 3:15pm • http://lanyrd.com/2015/apereo/sdmmpt/ – Apereo & ESUP-Portail: Brothers in Arms (Open Apereo 2014) • http://lanyrd.com/2014/apereo/sdbbgk/ – Alain Mayeur / Mathilde Guerin 4Open Apereo 2015
Plan of the presentation • Some information about CAS • Esup-Portail Works and Toolbox related to CAS (2003-2011) • New Esup CAS Toolbox v3 and v4 (2011-…) 5Open Apereo 2015
What is CAS? • Central Authentication Service  SSO : a Single Sign-On / Single Sign-Off for the web • A secure way for users to access multiple services/applications – Passwords crypted and transmitted between the navigator and CAS – Opaque tickets without personal informations • An open-source project – Created by Yale University in 2001 – Hosted by Jasig (now Apereo Foundation) since December 2004 • Wide adoption within higher education institutions and corporations around the world Open Apereo 2015 6
What is CAS? • Public protocol specifications: CAS 1.0, 2.0 and 3.0 • One CAS server (written in JAVA) – Authenticate users and grant accesses to applications • N CAS client embedded in cassified applications – Protect and retrieve the identity of the granted users from the server • Key concepts – The TGT (Ticket Granting Ticket) stored in the CASTGC cookie, represents a SSO session – The ST (Service Ticket), transmitted as a GET parameter in urls, stands for the access granted by the CAS server to the cassified application for a specific user Open Apereo 2014 7
A “recipe” to adopt CAS Apereo 2014 (M. Moayyed) • Use a latest stable version of the CAS server • Add the “skin” of your institution • Add the configuration of your institution – How do users authenticate? – Where do user attributes come from? – Which application are allowed to use CAS? • Build, test and deploy • Update and secure cassified applications with CAS clients Open Apereo 2015 8
Requirements to deploy a server • Java Development Kit 6  7 (8?) • A Servlet container (Apache Tomcat 6  7) • Apache Maven >= 3 (3.0.x) • HTTP Apache Server 2.x with mod_proxy_ajp (Optional) • SSL Certificates (CAS must use https in production) • « Basic Knowledge » about the Spring Framework CAS installation is a fundamentally source-oriented process Open Apereo 2015 9
Jasig / Apereo CAS Server Distributions since 2010 • CAS Server 4.0.1 January 2015 recommended in June 2015? • CAS Server 4.0 May 2014 recommended in June 2014 • Security patches for SAML2 (e.g. Google Apps), HTTP attacks,… – CAS Server 3.5.3 January 2015 – CAS-server-security-filter 1.0 August 2014 2.0.x May 2015 – CAS Server 3.5.2.1 April 2014 – CAS Server 3.4.12.1 April 2014 • CAS Server 3.5.2 February 2013 recommended in June 2013 ... • CAS Server 3.5.0 July 2012 • CAS Server 3.4.12 May 2012 recommended in June 2012 … • CAS Server 3.4.7 March 2011 … • CAS Server 3.4.0 May 2010 https://www.apereo.org/tags/cas-product-release https://github.com/Jasig/cas/releases/ 10Open Apereo 2015
How to install / deploy a CAS server ? • Install a quickstart produced by Apereo/Jasig or Esup-Portail – Discover quickly CAS functionalities, perform trainings, demos… • Do direct modifications in the source of a CAS stable version? • Deploy a WAR and perform changes in the Tomcat webapps directory – More difficult to update the CAS server • Maven WAR Overlays – The Apereo recommended method to deploy a CAS server – Beware of files and directories movements during version upgrades • Esup CAS-toolbox or Esup CAS-toolbox-new – Facilitate deployment by centralizing configuration items and by presetting some CAS modules Open Apereo 2015 11
Open Apereo 2015 Higher Education ... Open Source in a New Age HISTORY OF ESUP WORKS / TOOLBOX AND CAS SERVER 2003-2007 Esup CAS Generic Handler Yale/Jasig CAS 2.x 2008-2011 Esup CAS-toolbox Jasig CAS 3.x 2011-2014 Esup CAS-toolbox-new v3 Jasig CAS 3.4.1x 2014-… Esup CAS-toolbox-new v4 Apereo CAS 4.x 12Open Apereo 2015
2003-2007: Esup cas-generic Ant-based project and Yale/Jasig CAS v2 Server • Esup-Portail Generic Handler – A plugin giving CAS the ability to authenticate users with different methods • 3 packages – esup-casgeneric • The CAS Generic Handler, to be deployed into the cas-server sources hierarchy – esup-cas-server • The CAS Generic Handler, already shipped into CAS server – esup-cas-quick-start • An Apache Jakarta Tomcat-based package for CAS server, shipped with the Handler • Latest release in SourceForge – http://sourceforge.net/projects/esup-casgeneric/files/ • Documentations – http://www.esup-portail.org/consortium/espace/SSO_1B/tech/cas/cas_install.html Open Apereo 2015 13
2003-2007: Esup cas-generic User Interface at UPMC with esup-cas-server Open Apereo 2015 14
2008-2011: Esup cas-toolbox Ant-based project and Jasig CAS v3 Server • Overview – Deploying a CAS server into an existing Tomcat installation – Simplifying CAS configuration – Customizing the CAS server – Building quickstart distributions • Handle different configuration customization levels – An 'update' folder: containing add-ons to the original CAS Server – A 'custom' folder : every customized aspects (skin, Java sources, configurations) – A 'config.properties' file: properties used by the Spring configuration files • Latest release in SourceSup and based on CAS v3.4.7 – https://sourcesup.renater.fr/frs/?group_id=401&release_id=1461 • Documentations – https://wiki.jasig.org/display/CAS/CAS-toolbox – https://subversion.renater.fr/cas-toolbox/tags/3.4.7-1/README Open Apereo 2015 15
2008-2011: Esup cas-toolbox Deployment Example • Download cas-toolbox.X-Y.tar.gz from https://sourcesup.renater.fr/projects/cas-toolbox/ and expand • Rename build.sample.properties to build.properties • Set the deploy.path property in build.properties • Rename config.sample.properties to config.properties • Configure config.properties (and set customizations in the custom directory) • Initialize by running ant init • Deploy into an existing Tomcat by running ant deploy • Start Tomcat and browse http://localhost:8080/cas Open Apereo 2015 16
2008-2011: Esup cas-toolbox v3 UI with Esup-portail Theme (v3.4.7) Open Apereo 2015 17
Open Apereo 2015 Higher Education ... Open Source in a New Age NEW ESUP CAS TOOLBOX V3 AND V4 2011-2014 Esup CAS-toolbox-new v3 (CAS server 3.4.1x) 2014-… Esup CAS-toolbox-new v4 (CAS server 4.0.x) Open Apereo 2015 18
Maven WAR Overlay General principles • Local sources control (with Git) that contains only specific dependencies, configurations and customizations of the institution – The pom.xml (Project Object Model) file describes the project, its dependencies and automated tasks… – Added or modified files or directories: .java, .properties, .xml,… • Rebuilding of the Web application ARchive (WAR to deploy within Tomcat) – From the original release version of the CAS server defined in the pom.xml file – With all configurations and customizations in superposition • Replacement of original files • Documentations – https://wiki.jasig.org/display/CASUM/Best+Practice+- +Setting+Up+CAS+Locally+using+the+Maven+WAR+Overlay+Method – http://jasig.github.io/cas/current/installation/Maven-Overlay-Installation.html Open Apereo 2015 19
Maven WAR Overlay Examples and demos for CAS server • CAS server 3.4.1x – https://subversion.renater.fr/cas-toolbox/branches/cas-toolbox-new/ – https://github.com/EsupPortail/cas-toolbox-new/tree/v3.4.x • CAS server 3.5.x – https://github.com/UniconLabs/simple-cas-overlay-template – https://github.com/Unicon/unicon-cas-overlay – https://github.com/leleuj/cas-overlay-3.5.x • CAS server 4.0.x – https://github.com/leleuj/cas-overlay-demo – https://github.com/UniconLabs/simple-cas4-overlay-template – https://github.com/EsupPortail/cas-toolbox-new/tree/v4.0.x Open Apereo 2015 20
Esup cas-toolbox-new v3 and v4 Maven-based project and CAS 3.4.1x / 4.0.x • Overview of the new toolbox capabilities – Deploying a CAS server into an existing Tomcat installation – Simplifying and centralizing CAS configuration • config.properties file and Authentication “HandlersDiscover” functionality – Esup pre-settings and add-ons • Esup Theme, LDAP, Logging, TraceMe, Stats, BlockAttack, SAML 1.1… • Configured modules that user can activate : Memcached, Rest… – Quickstart built with Ant • Initial works of simplification of the projet Esup cas-toolbox (J. Marchal) – https://subversion.renater.fr/cas-toolbox/branches/cas-toolbox-new/ • Svn2git, transfer and update of the project on Github (L. Auxepaules) – https://github.com/auxepaul/cas-toolbox-new Open Apereo 2015 21
Esup cas-toolbox-new v3 & v4 Files and Directories organization • cas-toolbox-core (Esup addons and preconfigurations) – src/main • java • webapp – pom.xml • cas-toolbox-custom (University customizations and addons) – src/main • webapp – pom.xml • etc (HowTo and « scripts » examples) • config.sample.properties (« localhost » configuration) • pom.xml • Better differentiation between the Esup and the Institution customizations and configurations • An integrator can easily copy the files from cas-toolbox-core (or the Apereo CAS project) to cas-toolbox-custom and then modify the files Open Apereo 2015 22
Esup cas-toolbox-new v3 and v4 UI with the Esup Theme Open Apereo 2015 23
Esup cas-toolbox-new v3 and v4 UI with the UPMC Theme (v3.4.12.1) Open Apereo 2015 24
Esup cas-toolbox-new v3 and v4 Statistics, Monitoring and Logs • Esup Stats Page: /cas/stats.jsp SERVICE_TICKET_CREATED : 1 TICKET_GRANTING_TICKET_CREATED : 1 AUTHENTICATION_SUCCESS : 1 AUTHENTICATION_FAILED : 1 SERVICE_TICKET_VALIDATED : 1 TICKET_GRANTING_TICKET_NOT_CREATED : 1 • Apereo Monitoring Page: /cas/status Health: OK 1.MemoryMonitor: OK - 418,07MB free, 623,54MB total. 2.SessionMonitor: OK - 1 sessions. 0 service tickets. • Esup User and Service Stats Logs: serviceStats.log [Sun May 31 16:01:15 CEST 2015] [IP:127.0.0.1] [ID:admin] [TICKET:ST-1-ZW74nIKOVEECbowbB0BT-localhost] [SERVICE:http://localhost:8080/cas-management/j_spring_cas_security_check] [USER-AGENT:Mozilla/5.0 (Windows NT 6.3; WOW64; rv:38.0) Gecko/20100101 Firefox/38.0] • Apereo Performance Statistics Logs: perfStats.log Performance Statistics 2015-05-31 16:01:00 - 2015-05-31 16:02:00 Tag Avg(ms) Min Max Std Dev Count AUTHENTICATE 21,0 21 21 0,0 1 CREATE_TICKET_GRANTING_TICKET 25,0 25 25 0,0 1 GRANT_SERVICE_TICKET 3,0 3 3 0,0 1 VALIDATE_SERVICE_TICKET 1,0 1 1 0,0 1 25Open Apereo 2015
Esup cas-toolbox-new v3 and v4 Logging in Log4j.xml • Tickets: tickets.log 2015-05-31 16:01:15,606 INFO [org.jasig.cas.CentralAuthenticationServiceImpl] - Granted service ticket [ST- 1-ZW74nIKOVEECbowbB0BT-localhost] for service [http://localhost:8080/cas- management/j_spring_cas_security_check] for user [admin] • Success and failed authentications, blockAttack: auth.log (works with CAS 3) Thu Dec 18 15:47:00 CET 2014 - AUTHENTICATION_FAILED for '[username: admin]' from '127.0.0.1' AccountLockingService::incrementAttempts() : [admin] - number of attempts : 3 of 3AccountLockingService::isAccountLocked() : [admin] added to user list AccountLockingService::isAccountLocked() : [admin] locked Account "admin" is locked for : 3 s AccountLockingService::run() : [admin] removed from user list Thu Dec 18 15:48:00 CET 2014 - AUTHENTICATION_SUCCESS for '[username: admin]' from '127.0.0.1‘ • Rejected Services: rejectedServices.log 2015-05-31 16:02:31,091 WARN [org.jasig.cas.web.flow.ServiceAuthorizationCheck] - ServiceManagement: Unauthorized Service Access. Service [http://loc:8080/cas-management/j_spring_cas_security_check] is not found in service registry. • CAS management Services: cas-management.log 2015-05-31 16:01:15,606 INFO [org.jasig.cas.CentralAuthenticationServiceImpl] - Granted service ticket [ST- 1-ZW74nIKOVEECbowbB0BT-localhost] for service [http://localhost:8080/cas- management/j_spring_cas_security_check] for user [admin] • Trace (used by Esup AGIMUS-ng: Indicators and Usage): trace.log TRACE-1-70RFFjeWwSqCfoqwHxUoimyMBELrhdlqAjhtlhoIpChkFnuG5f-localhost:admin 26Open Apereo 2015
Esup cas-toolbox-new v3 and v4 Deployment Example • git clone https://github.com/EsupPortail/cas-toolbox-new.git • git checkout v4.0.x • Rename config.sample.properties to config.properties • Set the deploy.path property in config.properties • Configure config.properties • (Set customizations in the cas-toolbox-custom directory) • Initialize and deploy in an existing Tomcat by running mvn clean package • Start Tomcat and browse http://localhost:8080/cas http://localhost:8080/cas-management Open Apereo 2015 27
Esup cas-toolbox-new v3 and v4 Authentication handlers « Discover » • Set Handlers to use in config.properties (reported in esup.properties file) # Handler to use (cf casWEB-INF*.auth.xml to find id) # - ldapFastBindHandler : make a fast bind in ldap (AD or direct bind configuration) # - ldapFullBindHandler : make a search after a bind with find dn (OpenLdap or anonymous) # - fileEncAuthHandler : use a flat encoded file # - filePlainAuthHandler : use a flat plaintext file authHandlers=fileEncAuthHandler # IF USE ldapFullBindHandler #authHandlers=fileEncAuthHandler,ldapFullBindHandler authResolvers=primaryPrincipalResolver # IF USE ldapFullBindHandler #authResolvers=primaryPrincipalResolver,ldapPrincipalResolver defaultResolver=primaryPrincipalResolver • HandlersDiscover JAVA class: org.esupportail.cas.HandlersDiscover.java – Browse the list of authentication Handlers, the list of authentication Resolvers – Put each couple <AuthHandler, AuthResolver> within the HandlerMap used by Authentication Manager bean • Handlers to discover within srcmainwebappWEB-INFauth-configuration*- auth.xml Open Apereo 2015 28
Esup cas-toolbox-new v3 and v4 Authentication handlers « Discover » • HandlerDiscover bean defined in srcmainwebappWEB- INFdeployerConfigContext.xml <bean id="authenticationManager" class="org.jasig.cas.authentication.PolicyBasedAuthenticationManager"> <constructor-arg ref="handlerMap"/> ... <property name="authenticationPolicy"> <bean class="org.jasig.cas.authentication.AnyAuthenticationPolicy" /> </property> </bean> <bean id="handlerMap" class="org.springframework.beans.factory.config.MapFactoryBean"> <property name="sourceMap"> <map> <entry key-ref="proxyAuthenticationHandler" value-ref="proxyPrincipalResolver" /> </map> </property> </bean> <bean id="handlerDiscover" class="org.esupportail.cas.HandlersDiscover"> <property name="handlersId" value="${cas.authHandlers}"/> <property name="resolversId" value="${cas.authResolvers}"/> <property name="defaultResolverId" value="${cas.defaultResolver}"/> <property name="mapToAdd" ref="handlerMap"/> </bean> Open Apereo 2015 29
Apereo CAS v4.0.x Some new features, changes, updates • New CAS 3.0 protocol: User attributes in ticket validation response • Greater modularity and new submodules – Services management, SAML 1.1 • Redesign authentication API • Updated or replaced dependencies – Spring LDAP  Ldaptive – REST module – CredentialsToPrincipalResolver, ***Credentials*** class or attributes  ***Credential*** • User Interface improvements (“Responsive”)  Source code not backward-compatible with 3.x – Difficulties to export some configurations and customizations from 3.x to 4.x • For more information – The latest about the Central Authentication Service, Tomorrow from 10:15pm to 11:00pm • http://lanyrd.com/2015/apereo/sdmmpw/ – http://jasig.github.io/cas/current/ Open Apereo 2015 30
Esup cas-toolbox-new v4 Things to do and Perspectives • Fix bugs and test some functionalities and modules – Fix SAML 1.1 (search filter bug), echos in cas.log… – Set and Test Memcached – Test REST • Add and test new maven tasks to support development activities – mvn jetty:run or mvn jetty;run-war – mvn tomcat7:deploy or mvn tomcat7:redeploy • Rewrite HowTo guides, documentations and links to the Apereo CAS documentations and guides • Replace old Esup functionalities by “equivalent” Apereo functionalities – BlockAttacks  Throttling Authentication Attempts 31Open Apereo 2014
Esup cas-toolbox-new v4 Things to do and Perspectives • Set a new Esup theme (Responsive Web Design) • Add and preset new authentication configurations – Spnego (Kerberos Windows), Trusted (REMOTE_USER)… • Add and preset other modules and functionalities of the Apereo CAS server – LPPE, Clearpass • Study (and create?) more “specific” projects based on – RBAC (Role-Based Access Control) by service with CAS and Grouper – MFA (Multi-Factor Authentication) with the LOA implementation 32Open Apereo 2014
Open Apereo 2015 Higher Education ... Open Source in a New Age DEMONSTRATION 33Open Apereo 2015
Demonstration Windows demonstration environment • Quickstart uPortal 4.1 – C:/portal – Apache Maven 3.0.4 – Apache Tomcat 7.0.32 • Running scripts of tomcat in the apache-tomcat-7.0.32/bin directory – startup.bat et shutdown.bat • Oracle Java JDK 1.7 • Environment variables – JAVA_HOME, JAVA_OPTS, CATALINA_OPTS – Path : MAVEN_HOME%bin • Git : Github for Windows 34Open Apereo 2014

Recommandé

PVS-Studio in the Clouds: Travis CI
PVS-Studio in the Clouds: Travis CIPVS-Studio in the Clouds: Travis CI
PVS-Studio in the Clouds: Travis CIAndrey Karpov
 
Moving From Actions & Behaviors to Microservices
Moving From Actions & Behaviors to MicroservicesMoving From Actions & Behaviors to Microservices
Moving From Actions & Behaviors to MicroservicesJeff Potts
 
Apache Whirr
Apache WhirrApache Whirr
Apache Whirrhuguk
 
Alfresco Devcon 2019 - Lightning Talk - The Alfresco fat JAR experiment
Alfresco Devcon 2019 - Lightning Talk - The Alfresco fat JAR experimentAlfresco Devcon 2019 - Lightning Talk - The Alfresco fat JAR experiment
Alfresco Devcon 2019 - Lightning Talk - The Alfresco fat JAR experimentAxel Faust
 
Ansible automation tool with modules
Ansible automation tool with modulesAnsible automation tool with modules
Ansible automation tool with modulesmohamedmoharam
 
Enhancing OpenStack FWaaS for real world application
Enhancing OpenStack FWaaS for real world applicationEnhancing OpenStack FWaaS for real world application
Enhancing OpenStack FWaaS for real world applicationopenstackindia
 
Terraform - The Road to Self-Service
Terraform - The Road to Self-ServiceTerraform - The Road to Self-Service
Terraform - The Road to Self-ServiceRyan Boyce
 
Puppet Camp Charlotte 2015: Exporting Resources: There and Back Again
Puppet Camp Charlotte 2015: Exporting Resources: There and Back AgainPuppet Camp Charlotte 2015: Exporting Resources: There and Back Again
Puppet Camp Charlotte 2015: Exporting Resources: There and Back AgainPuppet
 

Recommandé

PVS-Studio in the Clouds: Travis CI
PVS-Studio in the Clouds: Travis CIPVS-Studio in the Clouds: Travis CI
PVS-Studio in the Clouds: Travis CIAndrey Karpov
 
Moving From Actions & Behaviors to Microservices
Moving From Actions & Behaviors to MicroservicesMoving From Actions & Behaviors to Microservices
Moving From Actions & Behaviors to MicroservicesJeff Potts
 
Apache Whirr
Apache WhirrApache Whirr
Apache Whirrhuguk
 
Alfresco Devcon 2019 - Lightning Talk - The Alfresco fat JAR experiment
Alfresco Devcon 2019 - Lightning Talk - The Alfresco fat JAR experimentAlfresco Devcon 2019 - Lightning Talk - The Alfresco fat JAR experiment
Alfresco Devcon 2019 - Lightning Talk - The Alfresco fat JAR experimentAxel Faust
 
Ansible automation tool with modules
Ansible automation tool with modulesAnsible automation tool with modules
Ansible automation tool with modulesmohamedmoharam
 
Enhancing OpenStack FWaaS for real world application
Enhancing OpenStack FWaaS for real world applicationEnhancing OpenStack FWaaS for real world application
Enhancing OpenStack FWaaS for real world applicationopenstackindia
 
Terraform - The Road to Self-Service
Terraform - The Road to Self-ServiceTerraform - The Road to Self-Service
Terraform - The Road to Self-ServiceRyan Boyce
 
Puppet Camp Charlotte 2015: Exporting Resources: There and Back Again
Puppet Camp Charlotte 2015: Exporting Resources: There and Back AgainPuppet Camp Charlotte 2015: Exporting Resources: There and Back Again
Puppet Camp Charlotte 2015: Exporting Resources: There and Back AgainPuppet
 
Comprehensive Terraform Training
Comprehensive Terraform TrainingComprehensive Terraform Training
Comprehensive Terraform TrainingYevgeniy Brikman
 
Reusable, composable, battle-tested Terraform modules
Reusable, composable, battle-tested Terraform modulesReusable, composable, battle-tested Terraform modules
Reusable, composable, battle-tested Terraform modulesYevgeniy Brikman
 
Exploring the Future of Helm
Exploring the Future of HelmExploring the Future of Helm
Exploring the Future of HelmMatthew Farina
 
Final terraform
Final terraformFinal terraform
Final terraformGourav Varma
 
Infrastructure-as-Code (IaC) Using Terraform (Advanced Edition)
Infrastructure-as-Code (IaC) Using Terraform (Advanced Edition)Infrastructure-as-Code (IaC) Using Terraform (Advanced Edition)
Infrastructure-as-Code (IaC) Using Terraform (Advanced Edition)Adin Ermie
 
[2018.10.19] 김용기 부장 - IAC on OpenStack (feat. ansible)
[2018.10.19] 김용기 부장 - IAC on OpenStack (feat. ansible)[2018.10.19] 김용기 부장 - IAC on OpenStack (feat. ansible)
[2018.10.19] 김용기 부장 - IAC on OpenStack (feat. ansible)OpenStack Korea Community
 
Kayobe_desc
Kayobe_descKayobe_desc
Kayobe_descssuser8fea38
 
Ansible with oci
Ansible with ociAnsible with oci
Ansible with ociDonghuKIM2
 
Infrastructure-as-Code (IaC) using Terraform
Infrastructure-as-Code (IaC) using TerraformInfrastructure-as-Code (IaC) using Terraform
Infrastructure-as-Code (IaC) using TerraformAdin Ermie
 
How to monitor and manage Apache Tomcat
How to monitor and manage Apache TomcatHow to monitor and manage Apache Tomcat
How to monitor and manage Apache TomcatEgnyte
 
F03 a history of (open) conversation alfresco at university of zaragoza
F03 a history of (open) conversation alfresco at university of zaragozaF03 a history of (open) conversation alfresco at university of zaragoza
F03 a history of (open) conversation alfresco at university of zaragozaAngel Borroy López
 
Hacking Tomcat
Hacking TomcatHacking Tomcat
Hacking Tomcatguestc27cd9
 
Introduction To Apache Mesos
Introduction To Apache MesosIntroduction To Apache Mesos
Introduction To Apache MesosTimothy St. Clair
 
Mitchell Hashimoto, HashiCorp
Mitchell Hashimoto, HashiCorpMitchell Hashimoto, HashiCorp
Mitchell Hashimoto, HashiCorpOntico
 
[Alibaba Cloud Singapore Community Meetup Webinar, 3 Sep 2020] Automate Your ...
[Alibaba Cloud Singapore Community Meetup Webinar, 3 Sep 2020] Automate Your ...[Alibaba Cloud Singapore Community Meetup Webinar, 3 Sep 2020] Automate Your ...
[Alibaba Cloud Singapore Community Meetup Webinar, 3 Sep 2020] Automate Your ...Vinod Narayanankutty
 
AWS DevOps - Terraform, Docker, HashiCorp Vault
AWS DevOps - Terraform, Docker, HashiCorp VaultAWS DevOps - Terraform, Docker, HashiCorp Vault
AWS DevOps - Terraform, Docker, HashiCorp VaultGrzegorz Adamowicz
 
An intro to Docker, Terraform, and Amazon ECS
An intro to Docker, Terraform, and Amazon ECSAn intro to Docker, Terraform, and Amazon ECS
An intro to Docker, Terraform, and Amazon ECSYevgeniy Brikman
 
Bee con2016 presentation_20160125004_installing
Bee con2016 presentation_20160125004_installingBee con2016 presentation_20160125004_installing
Bee con2016 presentation_20160125004_installingAngel Borroy López
 
Apache Bigtop and ARM64 / AArch64 - Empowering Big Data Everywhere
Apache Bigtop and ARM64 / AArch64 - Empowering Big Data EverywhereApache Bigtop and ARM64 / AArch64 - Empowering Big Data Everywhere
Apache Bigtop and ARM64 / AArch64 - Empowering Big Data EverywhereGanesh Raju
 
Terraform day1
Terraform day1Terraform day1
Terraform day1Gourav Varma
 
WSO2 Product Release Webinar: WSO2 Identity Server 5.2.0
WSO2 Product Release Webinar: WSO2 Identity Server 5.2.0WSO2 Product Release Webinar: WSO2 Identity Server 5.2.0
WSO2 Product Release Webinar: WSO2 Identity Server 5.2.0WSO2
 
Identity Management Overview: CAS and Shibboleth
Identity Management Overview: CAS and ShibbolethIdentity Management Overview: CAS and Shibboleth
Identity Management Overview: CAS and ShibbolethAndrew Petro
 

Contenu connexe

Tendances

Comprehensive Terraform Training
Comprehensive Terraform TrainingComprehensive Terraform Training
Comprehensive Terraform TrainingYevgeniy Brikman
 
Reusable, composable, battle-tested Terraform modules
Reusable, composable, battle-tested Terraform modulesReusable, composable, battle-tested Terraform modules
Reusable, composable, battle-tested Terraform modulesYevgeniy Brikman
 
Exploring the Future of Helm
Exploring the Future of HelmExploring the Future of Helm
Exploring the Future of HelmMatthew Farina
 
Infrastructure-as-Code (IaC) Using Terraform (Advanced Edition)
Infrastructure-as-Code (IaC) Using Terraform (Advanced Edition)Infrastructure-as-Code (IaC) Using Terraform (Advanced Edition)
Infrastructure-as-Code (IaC) Using Terraform (Advanced Edition)Adin Ermie
 
[2018.10.19] 김용기 부장 - IAC on OpenStack (feat. ansible)
[2018.10.19] 김용기 부장 - IAC on OpenStack (feat. ansible)[2018.10.19] 김용기 부장 - IAC on OpenStack (feat. ansible)
[2018.10.19] 김용기 부장 - IAC on OpenStack (feat. ansible)OpenStack Korea Community
 
Ansible with oci
Ansible with ociAnsible with oci
Ansible with ociDonghuKIM2
 
Infrastructure-as-Code (IaC) using Terraform
Infrastructure-as-Code (IaC) using TerraformInfrastructure-as-Code (IaC) using Terraform
Infrastructure-as-Code (IaC) using TerraformAdin Ermie
 
How to monitor and manage Apache Tomcat
How to monitor and manage Apache TomcatHow to monitor and manage Apache Tomcat
How to monitor and manage Apache TomcatEgnyte
 
F03 a history of (open) conversation alfresco at university of zaragoza
F03 a history of (open) conversation alfresco at university of zaragozaF03 a history of (open) conversation alfresco at university of zaragoza
F03 a history of (open) conversation alfresco at university of zaragozaAngel Borroy López
 
Introduction To Apache Mesos
Introduction To Apache MesosIntroduction To Apache Mesos
Introduction To Apache MesosTimothy St. Clair
 
Mitchell Hashimoto, HashiCorp
Mitchell Hashimoto, HashiCorpMitchell Hashimoto, HashiCorp
Mitchell Hashimoto, HashiCorpOntico
 
[Alibaba Cloud Singapore Community Meetup Webinar, 3 Sep 2020] Automate Your ...
[Alibaba Cloud Singapore Community Meetup Webinar, 3 Sep 2020] Automate Your ...[Alibaba Cloud Singapore Community Meetup Webinar, 3 Sep 2020] Automate Your ...
[Alibaba Cloud Singapore Community Meetup Webinar, 3 Sep 2020] Automate Your ...Vinod Narayanankutty
 
AWS DevOps - Terraform, Docker, HashiCorp Vault
AWS DevOps - Terraform, Docker, HashiCorp VaultAWS DevOps - Terraform, Docker, HashiCorp Vault
AWS DevOps - Terraform, Docker, HashiCorp VaultGrzegorz Adamowicz
 
An intro to Docker, Terraform, and Amazon ECS
An intro to Docker, Terraform, and Amazon ECSAn intro to Docker, Terraform, and Amazon ECS
An intro to Docker, Terraform, and Amazon ECSYevgeniy Brikman
 
Bee con2016 presentation_20160125004_installing
Bee con2016 presentation_20160125004_installingBee con2016 presentation_20160125004_installing
Bee con2016 presentation_20160125004_installingAngel Borroy López
 
Apache Bigtop and ARM64 / AArch64 - Empowering Big Data Everywhere
Apache Bigtop and ARM64 / AArch64 - Empowering Big Data EverywhereApache Bigtop and ARM64 / AArch64 - Empowering Big Data Everywhere
Apache Bigtop and ARM64 / AArch64 - Empowering Big Data EverywhereGanesh Raju
 

Tendances (20)

Comprehensive Terraform Training
Comprehensive Terraform TrainingComprehensive Terraform Training
Comprehensive Terraform Training
 
Reusable, composable, battle-tested Terraform modules
Reusable, composable, battle-tested Terraform modulesReusable, composable, battle-tested Terraform modules
Reusable, composable, battle-tested Terraform modules
 
Exploring the Future of Helm
Exploring the Future of HelmExploring the Future of Helm
Exploring the Future of Helm
 
Final terraform
Final terraformFinal terraform
Final terraform
 
Infrastructure-as-Code (IaC) Using Terraform (Advanced Edition)
Infrastructure-as-Code (IaC) Using Terraform (Advanced Edition)Infrastructure-as-Code (IaC) Using Terraform (Advanced Edition)
Infrastructure-as-Code (IaC) Using Terraform (Advanced Edition)
 
[2018.10.19] 김용기 부장 - IAC on OpenStack (feat. ansible)
[2018.10.19] 김용기 부장 - IAC on OpenStack (feat. ansible)[2018.10.19] 김용기 부장 - IAC on OpenStack (feat. ansible)
[2018.10.19] 김용기 부장 - IAC on OpenStack (feat. ansible)
 
Kayobe_desc
Kayobe_descKayobe_desc
Kayobe_desc
 
Ansible with oci
Ansible with ociAnsible with oci
Ansible with oci
 
Infrastructure-as-Code (IaC) using Terraform
Infrastructure-as-Code (IaC) using TerraformInfrastructure-as-Code (IaC) using Terraform
Infrastructure-as-Code (IaC) using Terraform
 
How to monitor and manage Apache Tomcat
How to monitor and manage Apache TomcatHow to monitor and manage Apache Tomcat
How to monitor and manage Apache Tomcat
 
F03 a history of (open) conversation alfresco at university of zaragoza
F03 a history of (open) conversation alfresco at university of zaragozaF03 a history of (open) conversation alfresco at university of zaragoza
F03 a history of (open) conversation alfresco at university of zaragoza
 
Hacking Tomcat
Hacking TomcatHacking Tomcat
Hacking Tomcat
 
Introduction To Apache Mesos
Introduction To Apache MesosIntroduction To Apache Mesos
Introduction To Apache Mesos
 
Mitchell Hashimoto, HashiCorp
Mitchell Hashimoto, HashiCorpMitchell Hashimoto, HashiCorp
Mitchell Hashimoto, HashiCorp
 
[Alibaba Cloud Singapore Community Meetup Webinar, 3 Sep 2020] Automate Your ...
[Alibaba Cloud Singapore Community Meetup Webinar, 3 Sep 2020] Automate Your ...[Alibaba Cloud Singapore Community Meetup Webinar, 3 Sep 2020] Automate Your ...
[Alibaba Cloud Singapore Community Meetup Webinar, 3 Sep 2020] Automate Your ...
 
AWS DevOps - Terraform, Docker, HashiCorp Vault
AWS DevOps - Terraform, Docker, HashiCorp VaultAWS DevOps - Terraform, Docker, HashiCorp Vault
AWS DevOps - Terraform, Docker, HashiCorp Vault
 
An intro to Docker, Terraform, and Amazon ECS
An intro to Docker, Terraform, and Amazon ECSAn intro to Docker, Terraform, and Amazon ECS
An intro to Docker, Terraform, and Amazon ECS
 
Bee con2016 presentation_20160125004_installing
Bee con2016 presentation_20160125004_installingBee con2016 presentation_20160125004_installing
Bee con2016 presentation_20160125004_installing
 
Apache Bigtop and ARM64 / AArch64 - Empowering Big Data Everywhere
Apache Bigtop and ARM64 / AArch64 - Empowering Big Data EverywhereApache Bigtop and ARM64 / AArch64 - Empowering Big Data Everywhere
Apache Bigtop and ARM64 / AArch64 - Empowering Big Data Everywhere
 
Terraform day1
Terraform day1Terraform day1
Terraform day1
 

En vedette

WSO2 Product Release Webinar: WSO2 Identity Server 5.2.0
WSO2 Product Release Webinar: WSO2 Identity Server 5.2.0WSO2 Product Release Webinar: WSO2 Identity Server 5.2.0
WSO2 Product Release Webinar: WSO2 Identity Server 5.2.0WSO2
 
Identity Management Overview: CAS and Shibboleth
Identity Management Overview: CAS and ShibbolethIdentity Management Overview: CAS and Shibboleth
Identity Management Overview: CAS and ShibbolethAndrew Petro
 
Upgrading to cas 4.0 at oakland university
Upgrading to cas 4.0 at oakland universityUpgrading to cas 4.0 at oakland university
Upgrading to cas 4.0 at oakland universitybpowell29a
 
CAS Enhancement
CAS EnhancementCAS Enhancement
CAS EnhancementGuo Albert
 
WSO2 Identity Server - Product Overview
WSO2 Identity Server - Product OverviewWSO2 Identity Server - Product Overview
WSO2 Identity Server - Product OverviewWSO2
 
Fast and Free SSO: A Survey of Open-Source Solutions to Single Sign-on
Fast and Free SSO: A Survey of Open-Source Solutions to Single Sign-onFast and Free SSO: A Survey of Open-Source Solutions to Single Sign-on
Fast and Free SSO: A Survey of Open-Source Solutions to Single Sign-onCraig Dickson
 
Enterprise Single Sign-On - SSO
Enterprise Single Sign-On - SSOEnterprise Single Sign-On - SSO
Enterprise Single Sign-On - SSOOliver Mueller
 

En vedette (8)

WSO2 Product Release Webinar: WSO2 Identity Server 5.2.0
WSO2 Product Release Webinar: WSO2 Identity Server 5.2.0WSO2 Product Release Webinar: WSO2 Identity Server 5.2.0
WSO2 Product Release Webinar: WSO2 Identity Server 5.2.0
 
Identity Management Overview: CAS and Shibboleth
Identity Management Overview: CAS and ShibbolethIdentity Management Overview: CAS and Shibboleth
Identity Management Overview: CAS and Shibboleth
 
Sso walk-through
Sso walk-throughSso walk-through
Sso walk-through
 
Upgrading to cas 4.0 at oakland university
Upgrading to cas 4.0 at oakland universityUpgrading to cas 4.0 at oakland university
Upgrading to cas 4.0 at oakland university
 
CAS Enhancement
CAS EnhancementCAS Enhancement
CAS Enhancement
 
WSO2 Identity Server - Product Overview
WSO2 Identity Server - Product OverviewWSO2 Identity Server - Product Overview
WSO2 Identity Server - Product Overview
 
Fast and Free SSO: A Survey of Open-Source Solutions to Single Sign-on
Fast and Free SSO: A Survey of Open-Source Solutions to Single Sign-onFast and Free SSO: A Survey of Open-Source Solutions to Single Sign-on
Fast and Free SSO: A Survey of Open-Source Solutions to Single Sign-on
 
Enterprise Single Sign-On - SSO
Enterprise Single Sign-On - SSOEnterprise Single Sign-On - SSO
Enterprise Single Sign-On - SSO
 

Similaire à "Esup CAS Packaging" : Deploy and customize easily a CAS4 server

Openstack - An introduction/Installation - Presented at Dr Dobb's conference...
Openstack - An introduction/Installation - Presented at Dr Dobb's conference... Openstack - An introduction/Installation - Presented at Dr Dobb's conference...
Openstack - An introduction/Installation - Presented at Dr Dobb's conference...Rahul Krishna Upadhyaya
 
HOW TO SCALE FROM ZERO TO BILLIONS!
HOW TO SCALE FROM ZERO TO BILLIONS!HOW TO SCALE FROM ZERO TO BILLIONS!
HOW TO SCALE FROM ZERO TO BILLIONS!Maziyar PANAHI
 
OpenStack London Meetup, 18 Nov 2015
OpenStack London Meetup, 18 Nov 2015OpenStack London Meetup, 18 Nov 2015
OpenStack London Meetup, 18 Nov 2015Jesse Pretorius
 
OMA LwM2M Workshop - Julien Vermillard, OMA LwM2M Projects in Eclipse Foundation
OMA LwM2M Workshop - Julien Vermillard, OMA LwM2M Projects in Eclipse FoundationOMA LwM2M Workshop - Julien Vermillard, OMA LwM2M Projects in Eclipse Foundation
OMA LwM2M Workshop - Julien Vermillard, OMA LwM2M Projects in Eclipse FoundationOpen Mobile Alliance
 
WSO2Con EU 2015: PaaS for Educational Environments – Almaviva
WSO2Con EU 2015: PaaS for Educational Environments – AlmavivaWSO2Con EU 2015: PaaS for Educational Environments – Almaviva
WSO2Con EU 2015: PaaS for Educational Environments – AlmavivaWSO2
 
SCAPE Information Day at BL - Some of the SCAPE Outputs Available
SCAPE Information Day at BL - Some of the SCAPE Outputs AvailableSCAPE Information Day at BL - Some of the SCAPE Outputs Available
SCAPE Information Day at BL - Some of the SCAPE Outputs AvailableSCAPE Project
 
SCAPE - Scalable Preservation Environments
SCAPE - Scalable Preservation EnvironmentsSCAPE - Scalable Preservation Environments
SCAPE - Scalable Preservation EnvironmentsSCAPE Project
 
XSEDE14 SciGaP-Apache Airavata Tutorial
XSEDE14 SciGaP-Apache Airavata TutorialXSEDE14 SciGaP-Apache Airavata Tutorial
XSEDE14 SciGaP-Apache Airavata Tutorialmarpierc
 
[Wroclaw #5] OWASP Projects: beyond Top 10
[Wroclaw #5] OWASP Projects: beyond Top 10[Wroclaw #5] OWASP Projects: beyond Top 10
[Wroclaw #5] OWASP Projects: beyond Top 10OWASP
 
OpenStack Documentation Projects and Processes
OpenStack Documentation Projects and ProcessesOpenStack Documentation Projects and Processes
OpenStack Documentation Projects and ProcessesAnne Gentle
 
Happy birthday "monUPMC": 9 years of Portal at UPMC
Happy birthday "monUPMC": 9 years of Portal at UPMCHappy birthday "monUPMC": 9 years of Portal at UPMC
Happy birthday "monUPMC": 9 years of Portal at UPMCLudovic A
 
How to setup a development environment for ONAP
How to setup a development environment for ONAPHow to setup a development environment for ONAP
How to setup a development environment for ONAPVictor Morales
 
Cloud Architect Alliance #15: Openstack
Cloud Architect Alliance #15: OpenstackCloud Architect Alliance #15: Openstack
Cloud Architect Alliance #15: OpenstackMicrosoft
 
OpenStack for VMware Administrators
OpenStack for VMware AdministratorsOpenStack for VMware Administrators
OpenStack for VMware AdministratorsTrevor Roberts Jr.
 
Introduction to Orchestration and DevOps with OpenStack
Introduction to Orchestration and DevOps with OpenStackIntroduction to Orchestration and DevOps with OpenStack
Introduction to Orchestration and DevOps with OpenStackAbderrahmane TEKFI
 
OpenNaaS Overview Complete
OpenNaaS Overview CompleteOpenNaaS Overview Complete
OpenNaaS Overview CompleteJoan Garcia
 
Developing on OpenStack Startup Edmonton
Developing on OpenStack Startup EdmontonDeveloping on OpenStack Startup Edmonton
Developing on OpenStack Startup Edmontonserverascode
 
Modern application development with oracle cloud sangam17
Modern application development with oracle cloud sangam17Modern application development with oracle cloud sangam17
Modern application development with oracle cloud sangam17Vinay Kumar
 

Similaire à "Esup CAS Packaging" : Deploy and customize easily a CAS4 server (20)

Openstack - An introduction/Installation - Presented at Dr Dobb's conference...
Openstack - An introduction/Installation - Presented at Dr Dobb's conference... Openstack - An introduction/Installation - Presented at Dr Dobb's conference...
Openstack - An introduction/Installation - Presented at Dr Dobb's conference...
 
HOW TO SCALE FROM ZERO TO BILLIONS!
HOW TO SCALE FROM ZERO TO BILLIONS!HOW TO SCALE FROM ZERO TO BILLIONS!
HOW TO SCALE FROM ZERO TO BILLIONS!
 
OpenStack London Meetup, 18 Nov 2015
OpenStack London Meetup, 18 Nov 2015OpenStack London Meetup, 18 Nov 2015
OpenStack London Meetup, 18 Nov 2015
 
OMA LwM2M Workshop - Julien Vermillard, OMA LwM2M Projects in Eclipse Foundation
OMA LwM2M Workshop - Julien Vermillard, OMA LwM2M Projects in Eclipse FoundationOMA LwM2M Workshop - Julien Vermillard, OMA LwM2M Projects in Eclipse Foundation
OMA LwM2M Workshop - Julien Vermillard, OMA LwM2M Projects in Eclipse Foundation
 
WSO2Con EU 2015: PaaS for Educational Environments – Almaviva
WSO2Con EU 2015: PaaS for Educational Environments – AlmavivaWSO2Con EU 2015: PaaS for Educational Environments – Almaviva
WSO2Con EU 2015: PaaS for Educational Environments – Almaviva
 
SCAPE Information Day at BL - Some of the SCAPE Outputs Available
SCAPE Information Day at BL - Some of the SCAPE Outputs AvailableSCAPE Information Day at BL - Some of the SCAPE Outputs Available
SCAPE Information Day at BL - Some of the SCAPE Outputs Available
 
SCAPE - Scalable Preservation Environments
SCAPE - Scalable Preservation EnvironmentsSCAPE - Scalable Preservation Environments
SCAPE - Scalable Preservation Environments
 
XSEDE14 SciGaP-Apache Airavata Tutorial
XSEDE14 SciGaP-Apache Airavata TutorialXSEDE14 SciGaP-Apache Airavata Tutorial
XSEDE14 SciGaP-Apache Airavata Tutorial
 
[Wroclaw #5] OWASP Projects: beyond Top 10
[Wroclaw #5] OWASP Projects: beyond Top 10[Wroclaw #5] OWASP Projects: beyond Top 10
[Wroclaw #5] OWASP Projects: beyond Top 10
 
OpenStack Documentation Projects and Processes
OpenStack Documentation Projects and ProcessesOpenStack Documentation Projects and Processes
OpenStack Documentation Projects and Processes
 
Short-Training asp.net vNext
Short-Training asp.net vNextShort-Training asp.net vNext
Short-Training asp.net vNext
 
Happy birthday "monUPMC": 9 years of Portal at UPMC
Happy birthday "monUPMC": 9 years of Portal at UPMCHappy birthday "monUPMC": 9 years of Portal at UPMC
Happy birthday "monUPMC": 9 years of Portal at UPMC
 
OpenStack Swift
OpenStack SwiftOpenStack Swift
OpenStack Swift
 
How to setup a development environment for ONAP
How to setup a development environment for ONAPHow to setup a development environment for ONAP
How to setup a development environment for ONAP
 
Cloud Architect Alliance #15: Openstack
Cloud Architect Alliance #15: OpenstackCloud Architect Alliance #15: Openstack
Cloud Architect Alliance #15: Openstack
 
OpenStack for VMware Administrators
OpenStack for VMware AdministratorsOpenStack for VMware Administrators
OpenStack for VMware Administrators
 
Introduction to Orchestration and DevOps with OpenStack
Introduction to Orchestration and DevOps with OpenStackIntroduction to Orchestration and DevOps with OpenStack
Introduction to Orchestration and DevOps with OpenStack
 
OpenNaaS Overview Complete
OpenNaaS Overview CompleteOpenNaaS Overview Complete
OpenNaaS Overview Complete
 
Developing on OpenStack Startup Edmonton
Developing on OpenStack Startup EdmontonDeveloping on OpenStack Startup Edmonton
Developing on OpenStack Startup Edmonton
 
Modern application development with oracle cloud sangam17
Modern application development with oracle cloud sangam17Modern application development with oracle cloud sangam17
Modern application development with oracle cloud sangam17
 

Plus de Ludovic A

ESUPDAYS 26 : CAS 5.2 - Retour d'expérience Sorbonne Université
ESUPDAYS 26 : CAS 5.2 - Retour d'expérience Sorbonne UniversitéESUPDAYS 26 : CAS 5.2 - Retour d'expérience Sorbonne Université
ESUPDAYS 26 : CAS 5.2 - Retour d'expérience Sorbonne UniversitéLudovic A
 
10 ans après : une nouvelle plateforme de captation et diffusion en direct et...
10 ans après : une nouvelle plateforme de captation et diffusion en direct et...10 ans après : une nouvelle plateforme de captation et diffusion en direct et...
10 ans après : une nouvelle plateforme de captation et diffusion en direct et...Ludovic A
 
10 ans après, une nouvelle plateforme de captation et de diffusion en direct ...
10 ans après, une nouvelle plateforme de captation et de diffusion en direct ...10 ans après, une nouvelle plateforme de captation et de diffusion en direct ...
10 ans après, une nouvelle plateforme de captation et de diffusion en direct ...Ludovic A
 
Retour d’expérience sur le déploiement d’uPortal 4.2+ responsive à l’UPMC
Retour d’expérience sur le déploiement d’uPortal 4.2+ responsive à l’UPMCRetour d’expérience sur le déploiement d’uPortal 4.2+ responsive à l’UPMC
Retour d’expérience sur le déploiement d’uPortal 4.2+ responsive à l’UPMCLudovic A
 
Esupdays 21: Point sur le projet ESUP cas_toolbox
Esupdays 21: Point sur le projet ESUP cas_toolboxEsupdays 21: Point sur le projet ESUP cas_toolbox
Esupdays 21: Point sur le projet ESUP cas_toolboxLudovic A
 
Esupdays 20 : Etat d'avancement du projet esup-CAS v4
Esupdays 20 : Etat d'avancement du projet esup-CAS v4Esupdays 20 : Etat d'avancement du projet esup-CAS v4
Esupdays 20 : Etat d'avancement du projet esup-CAS v4Ludovic A
 
Retour d'expérience : Mise en place de l'ENT v4 à l'UPMC
Retour d'expérience : Mise en place de l'ENT v4 à l'UPMCRetour d'expérience : Mise en place de l'ENT v4 à l'UPMC
Retour d'expérience : Mise en place de l'ENT v4 à l'UPMCLudovic A
 
Esupdays 19 : Packaging Esup Cas
Esupdays 19 : Packaging Esup Cas Esupdays 19 : Packaging Esup Cas
Esupdays 19 : Packaging Esup Cas Ludovic A
 

Plus de Ludovic A (8)

ESUPDAYS 26 : CAS 5.2 - Retour d'expérience Sorbonne Université
ESUPDAYS 26 : CAS 5.2 - Retour d'expérience Sorbonne UniversitéESUPDAYS 26 : CAS 5.2 - Retour d'expérience Sorbonne Université
ESUPDAYS 26 : CAS 5.2 - Retour d'expérience Sorbonne Université
 
10 ans après : une nouvelle plateforme de captation et diffusion en direct et...
10 ans après : une nouvelle plateforme de captation et diffusion en direct et...10 ans après : une nouvelle plateforme de captation et diffusion en direct et...
10 ans après : une nouvelle plateforme de captation et diffusion en direct et...
 
10 ans après, une nouvelle plateforme de captation et de diffusion en direct ...
10 ans après, une nouvelle plateforme de captation et de diffusion en direct ...10 ans après, une nouvelle plateforme de captation et de diffusion en direct ...
10 ans après, une nouvelle plateforme de captation et de diffusion en direct ...
 
Retour d’expérience sur le déploiement d’uPortal 4.2+ responsive à l’UPMC
Retour d’expérience sur le déploiement d’uPortal 4.2+ responsive à l’UPMCRetour d’expérience sur le déploiement d’uPortal 4.2+ responsive à l’UPMC
Retour d’expérience sur le déploiement d’uPortal 4.2+ responsive à l’UPMC
 
Esupdays 21: Point sur le projet ESUP cas_toolbox
Esupdays 21: Point sur le projet ESUP cas_toolboxEsupdays 21: Point sur le projet ESUP cas_toolbox
Esupdays 21: Point sur le projet ESUP cas_toolbox
 
Esupdays 20 : Etat d'avancement du projet esup-CAS v4
Esupdays 20 : Etat d'avancement du projet esup-CAS v4Esupdays 20 : Etat d'avancement du projet esup-CAS v4
Esupdays 20 : Etat d'avancement du projet esup-CAS v4
 
Retour d'expérience : Mise en place de l'ENT v4 à l'UPMC
Retour d'expérience : Mise en place de l'ENT v4 à l'UPMCRetour d'expérience : Mise en place de l'ENT v4 à l'UPMC
Retour d'expérience : Mise en place de l'ENT v4 à l'UPMC
 
Esupdays 19 : Packaging Esup Cas
Esupdays 19 : Packaging Esup Cas Esupdays 19 : Packaging Esup Cas
Esupdays 19 : Packaging Esup Cas
 

Dernier

Why does (not) Kafka need fsync: Eliminating tail latency spikes caused by fsync
Why does (not) Kafka need fsync: Eliminating tail latency spikes caused by fsyncWhy does (not) Kafka need fsync: Eliminating tail latency spikes caused by fsync
Why does (not) Kafka need fsync: Eliminating tail latency spikes caused by fsyncssuser2ae721
 
CCS355 Neural Network & Deep Learning UNIT III notes and Question bank .pdf
CCS355 Neural Network & Deep Learning UNIT III notes and Question bank .pdfCCS355 Neural Network & Deep Learning UNIT III notes and Question bank .pdf
CCS355 Neural Network & Deep Learning UNIT III notes and Question bank .pdfAsst.prof M.Gokilavani
 
Sachpazis Costas: Geotechnical Engineering: A student's Perspective Introduction
Sachpazis Costas: Geotechnical Engineering: A student's Perspective IntroductionSachpazis Costas: Geotechnical Engineering: A student's Perspective Introduction
Sachpazis Costas: Geotechnical Engineering: A student's Perspective IntroductionDr.Costas Sachpazis
 
Indian Dairy Industry Present Status and.ppt
Indian Dairy Industry Present Status and.pptIndian Dairy Industry Present Status and.ppt
Indian Dairy Industry Present Status and.pptMadan Karki
 
CCS355 Neural Networks & Deep Learning Unit 1 PDF notes with Question bank .pdf
CCS355 Neural Networks & Deep Learning Unit 1 PDF notes with Question bank .pdfCCS355 Neural Networks & Deep Learning Unit 1 PDF notes with Question bank .pdf
CCS355 Neural Networks & Deep Learning Unit 1 PDF notes with Question bank .pdfAsst.prof M.Gokilavani
 
Class 1 | NFPA 72 | Overview Fire Alarm System
Class 1 | NFPA 72 | Overview Fire Alarm SystemClass 1 | NFPA 72 | Overview Fire Alarm System
Class 1 | NFPA 72 | Overview Fire Alarm Systemirfanmechengr
 
Introduction-To-Agricultural-Surveillance-Rover.pptx
Introduction-To-Agricultural-Surveillance-Rover.pptxIntroduction-To-Agricultural-Surveillance-Rover.pptx
Introduction-To-Agricultural-Surveillance-Rover.pptxk795866
 
An experimental study in using natural admixture as an alternative for chemic...
An experimental study in using natural admixture as an alternative for chemic...An experimental study in using natural admixture as an alternative for chemic...
An experimental study in using natural admixture as an alternative for chemic...Chandu841456
 
Unit7-DC_Motors nkkjnsdkfnfcdfknfdgfggfg
Unit7-DC_Motors nkkjnsdkfnfcdfknfdgfggfgUnit7-DC_Motors nkkjnsdkfnfcdfknfdgfggfg
Unit7-DC_Motors nkkjnsdkfnfcdfknfdgfggfgsaravananr517913
 
TechTAC® CFD Report Summary: A Comparison of Two Types of Tubing Anchor Catchers
TechTAC® CFD Report Summary: A Comparison of Two Types of Tubing Anchor CatchersTechTAC® CFD Report Summary: A Comparison of Two Types of Tubing Anchor Catchers
TechTAC® CFD Report Summary: A Comparison of Two Types of Tubing Anchor Catcherssdickerson1
 
Gurgaon ✡️9711147426✨Call In girls Gurgaon Sector 51 escort service
Gurgaon ✡️9711147426✨Call In girls Gurgaon Sector 51 escort serviceGurgaon ✡️9711147426✨Call In girls Gurgaon Sector 51 escort service
Gurgaon ✡️9711147426✨Call In girls Gurgaon Sector 51 escort servicejennyeacort
 
Transport layer issues and challenges - Guide
Transport layer issues and challenges - GuideTransport layer issues and challenges - Guide
Transport layer issues and challenges - GuideGOPINATHS437943
 
Software and Systems Engineering Standards: Verification and Validation of Sy...
Software and Systems Engineering Standards: Verification and Validation of Sy...Software and Systems Engineering Standards: Verification and Validation of Sy...
Software and Systems Engineering Standards: Verification and Validation of Sy...VICTOR MAESTRE RAMIREZ
 
Call Girls Delhi {Jodhpur} 9711199012 high profile service
Call Girls Delhi {Jodhpur} 9711199012 high profile serviceCall Girls Delhi {Jodhpur} 9711199012 high profile service
Call Girls Delhi {Jodhpur} 9711199012 high profile servicerehmti665
 
Oxy acetylene welding presentation note.
Oxy acetylene welding presentation note.Oxy acetylene welding presentation note.
Oxy acetylene welding presentation note.eptoze12
 
Electronically Controlled suspensions system .pdf
Electronically Controlled suspensions system .pdfElectronically Controlled suspensions system .pdf
Electronically Controlled suspensions system .pdfme23b1001
 
complete construction, environmental and economics information of biomass com...
complete construction, environmental and economics information of biomass com...complete construction, environmental and economics information of biomass com...
complete construction, environmental and economics information of biomass com...asadnawaz62
 
US Department of Education FAFSA Week of Action
US Department of Education FAFSA Week of ActionUS Department of Education FAFSA Week of Action
US Department of Education FAFSA Week of ActionMebane Rash
 

Dernier (20)

POWER SYSTEMS-1 Complete notes examples
POWER SYSTEMS-1 Complete notes examplesPOWER SYSTEMS-1 Complete notes examples
POWER SYSTEMS-1 Complete notes examples
 
Why does (not) Kafka need fsync: Eliminating tail latency spikes caused by fsync
Why does (not) Kafka need fsync: Eliminating tail latency spikes caused by fsyncWhy does (not) Kafka need fsync: Eliminating tail latency spikes caused by fsync
Why does (not) Kafka need fsync: Eliminating tail latency spikes caused by fsync
 
CCS355 Neural Network & Deep Learning UNIT III notes and Question bank .pdf
CCS355 Neural Network & Deep Learning UNIT III notes and Question bank .pdfCCS355 Neural Network & Deep Learning UNIT III notes and Question bank .pdf
CCS355 Neural Network & Deep Learning UNIT III notes and Question bank .pdf
 
Sachpazis Costas: Geotechnical Engineering: A student's Perspective Introduction
Sachpazis Costas: Geotechnical Engineering: A student's Perspective IntroductionSachpazis Costas: Geotechnical Engineering: A student's Perspective Introduction
Sachpazis Costas: Geotechnical Engineering: A student's Perspective Introduction
 
Indian Dairy Industry Present Status and.ppt
Indian Dairy Industry Present Status and.pptIndian Dairy Industry Present Status and.ppt
Indian Dairy Industry Present Status and.ppt
 
CCS355 Neural Networks & Deep Learning Unit 1 PDF notes with Question bank .pdf
CCS355 Neural Networks & Deep Learning Unit 1 PDF notes with Question bank .pdfCCS355 Neural Networks & Deep Learning Unit 1 PDF notes with Question bank .pdf
CCS355 Neural Networks & Deep Learning Unit 1 PDF notes with Question bank .pdf
 
Class 1 | NFPA 72 | Overview Fire Alarm System
Class 1 | NFPA 72 | Overview Fire Alarm SystemClass 1 | NFPA 72 | Overview Fire Alarm System
Class 1 | NFPA 72 | Overview Fire Alarm System
 
Design and analysis of solar grass cutter.pdf
Design and analysis of solar grass cutter.pdfDesign and analysis of solar grass cutter.pdf
Design and analysis of solar grass cutter.pdf
 
Introduction-To-Agricultural-Surveillance-Rover.pptx
Introduction-To-Agricultural-Surveillance-Rover.pptxIntroduction-To-Agricultural-Surveillance-Rover.pptx
Introduction-To-Agricultural-Surveillance-Rover.pptx
 
An experimental study in using natural admixture as an alternative for chemic...
An experimental study in using natural admixture as an alternative for chemic...An experimental study in using natural admixture as an alternative for chemic...
An experimental study in using natural admixture as an alternative for chemic...
 
Unit7-DC_Motors nkkjnsdkfnfcdfknfdgfggfg
Unit7-DC_Motors nkkjnsdkfnfcdfknfdgfggfgUnit7-DC_Motors nkkjnsdkfnfcdfknfdgfggfg
Unit7-DC_Motors nkkjnsdkfnfcdfknfdgfggfg
 
TechTAC® CFD Report Summary: A Comparison of Two Types of Tubing Anchor Catchers
TechTAC® CFD Report Summary: A Comparison of Two Types of Tubing Anchor CatchersTechTAC® CFD Report Summary: A Comparison of Two Types of Tubing Anchor Catchers
TechTAC® CFD Report Summary: A Comparison of Two Types of Tubing Anchor Catchers
 
Gurgaon ✡️9711147426✨Call In girls Gurgaon Sector 51 escort service
Gurgaon ✡️9711147426✨Call In girls Gurgaon Sector 51 escort serviceGurgaon ✡️9711147426✨Call In girls Gurgaon Sector 51 escort service
Gurgaon ✡️9711147426✨Call In girls Gurgaon Sector 51 escort service
 
Transport layer issues and challenges - Guide
Transport layer issues and challenges - GuideTransport layer issues and challenges - Guide
Transport layer issues and challenges - Guide
 
Software and Systems Engineering Standards: Verification and Validation of Sy...
Software and Systems Engineering Standards: Verification and Validation of Sy...Software and Systems Engineering Standards: Verification and Validation of Sy...
Software and Systems Engineering Standards: Verification and Validation of Sy...
 
Call Girls Delhi {Jodhpur} 9711199012 high profile service
Call Girls Delhi {Jodhpur} 9711199012 high profile serviceCall Girls Delhi {Jodhpur} 9711199012 high profile service
Call Girls Delhi {Jodhpur} 9711199012 high profile service
 
Oxy acetylene welding presentation note.
Oxy acetylene welding presentation note.Oxy acetylene welding presentation note.
Oxy acetylene welding presentation note.
 
Electronically Controlled suspensions system .pdf
Electronically Controlled suspensions system .pdfElectronically Controlled suspensions system .pdf
Electronically Controlled suspensions system .pdf
 
complete construction, environmental and economics information of biomass com...
complete construction, environmental and economics information of biomass com...complete construction, environmental and economics information of biomass com...
complete construction, environmental and economics information of biomass com...
 
US Department of Education FAFSA Week of Action
US Department of Education FAFSA Week of ActionUS Department of Education FAFSA Week of Action
US Department of Education FAFSA Week of Action
 

"Esup CAS Packaging" : Deploy and customize easily a CAS4 server

  • 1. Open Apereo 2015 Higher Education ... Open Source in a New Age "Esup CAS Packaging": Deploy and customize easily a CAS4 server Ludovic Auxepaules UPMC, Paris, France https://github.com/EsupPortail/cas-toolbox-new 1
  • 2. Few words about UPMC Pierre et Marie Curie University • UPMC Facts and Figures – French excellence in Medicine and Science – 18 sites across 4 regions in France • 15 in Paris region • 3 stations (Banyuls, Roscoff, Villefranche) – 34 000 students, of whom • 20% foreign students • 3300 doctoral candidates – 10 500 staffs, of whom • 8200 in research units (120 research laboratories) • Ludovic Auxepaules – At IT Department of UPMC since 2011 – Integration / Software Engineer – “Portal, Authentication and Authorizations” Projects – Github : https://github.com/auxepaul – Member of Esup-Portail Consortium 2Open Apereo 2015
  • 3. The Esup-Portail Consortium Overview • Objectives – Facilitate learning and campus life for students... but also the daily work of the staff members – Pool development of digital services to divide costs between french universities – Share technological developments and new services – Conceive and plan for the evolution of portals, collaborative tools and mobile services • Nine knowledge areas (with “working groups”) – Portal solution (National “Digital Work Space” - “Espace Numérique de Travail” – ENT) – Mobile – Mail / Calendar solutions – Groups – OAE (Open Academic Environment) – Authentication – Document Management (DMS) – Analytics – Programming / Development • Collaborations with Apereo Foundation 3Open Apereo 2015
  • 4. The Esup-Portail Consortium In Practice • 70 member institutions • Contributions from french universities and engineering schools • Esup-Days: 2 conferences a year in Paris – Esup-Days 19 & Apereo Europe in February 2015 • WebSite & Wiki: https://www.esup-portail.org/ • Github: https://github.com/EsupPortail • For more information – ESUP-Portail & OAE: Keys to success, Tomorrow from 2:30pm to 3:15pm • http://lanyrd.com/2015/apereo/sdmmpt/ – Apereo & ESUP-Portail: Brothers in Arms (Open Apereo 2014) • http://lanyrd.com/2014/apereo/sdbbgk/ – Alain Mayeur / Mathilde Guerin 4Open Apereo 2015
  • 5. Plan of the presentation • Some information about CAS • Esup-Portail Works and Toolbox related to CAS (2003-2011) • New Esup CAS Toolbox v3 and v4 (2011-…) 5Open Apereo 2015
  • 6. What is CAS? • Central Authentication Service  SSO : a Single Sign-On / Single Sign-Off for the web • A secure way for users to access multiple services/applications – Passwords crypted and transmitted between the navigator and CAS – Opaque tickets without personal informations • An open-source project – Created by Yale University in 2001 – Hosted by Jasig (now Apereo Foundation) since December 2004 • Wide adoption within higher education institutions and corporations around the world Open Apereo 2015 6
  • 7. What is CAS? • Public protocol specifications: CAS 1.0, 2.0 and 3.0 • One CAS server (written in JAVA) – Authenticate users and grant accesses to applications • N CAS client embedded in cassified applications – Protect and retrieve the identity of the granted users from the server • Key concepts – The TGT (Ticket Granting Ticket) stored in the CASTGC cookie, represents a SSO session – The ST (Service Ticket), transmitted as a GET parameter in urls, stands for the access granted by the CAS server to the cassified application for a specific user Open Apereo 2014 7
  • 8. A “recipe” to adopt CAS Apereo 2014 (M. Moayyed) • Use a latest stable version of the CAS server • Add the “skin” of your institution • Add the configuration of your institution – How do users authenticate? – Where do user attributes come from? – Which application are allowed to use CAS? • Build, test and deploy • Update and secure cassified applications with CAS clients Open Apereo 2015 8
  • 9. Requirements to deploy a server • Java Development Kit 6  7 (8?) • A Servlet container (Apache Tomcat 6  7) • Apache Maven >= 3 (3.0.x) • HTTP Apache Server 2.x with mod_proxy_ajp (Optional) • SSL Certificates (CAS must use https in production) • « Basic Knowledge » about the Spring Framework CAS installation is a fundamentally source-oriented process Open Apereo 2015 9
  • 10. Jasig / Apereo CAS Server Distributions since 2010 • CAS Server 4.0.1 January 2015 recommended in June 2015? • CAS Server 4.0 May 2014 recommended in June 2014 • Security patches for SAML2 (e.g. Google Apps), HTTP attacks,… – CAS Server 3.5.3 January 2015 – CAS-server-security-filter 1.0 August 2014 2.0.x May 2015 – CAS Server 3.5.2.1 April 2014 – CAS Server 3.4.12.1 April 2014 • CAS Server 3.5.2 February 2013 recommended in June 2013 ... • CAS Server 3.5.0 July 2012 • CAS Server 3.4.12 May 2012 recommended in June 2012 … • CAS Server 3.4.7 March 2011 … • CAS Server 3.4.0 May 2010 https://www.apereo.org/tags/cas-product-release https://github.com/Jasig/cas/releases/ 10Open Apereo 2015
  • 11. How to install / deploy a CAS server ? • Install a quickstart produced by Apereo/Jasig or Esup-Portail – Discover quickly CAS functionalities, perform trainings, demos… • Do direct modifications in the source of a CAS stable version? • Deploy a WAR and perform changes in the Tomcat webapps directory – More difficult to update the CAS server • Maven WAR Overlays – The Apereo recommended method to deploy a CAS server – Beware of files and directories movements during version upgrades • Esup CAS-toolbox or Esup CAS-toolbox-new – Facilitate deployment by centralizing configuration items and by presetting some CAS modules Open Apereo 2015 11
  • 12. Open Apereo 2015 Higher Education ... Open Source in a New Age HISTORY OF ESUP WORKS / TOOLBOX AND CAS SERVER 2003-2007 Esup CAS Generic Handler Yale/Jasig CAS 2.x 2008-2011 Esup CAS-toolbox Jasig CAS 3.x 2011-2014 Esup CAS-toolbox-new v3 Jasig CAS 3.4.1x 2014-… Esup CAS-toolbox-new v4 Apereo CAS 4.x 12Open Apereo 2015
  • 13. 2003-2007: Esup cas-generic Ant-based project and Yale/Jasig CAS v2 Server • Esup-Portail Generic Handler – A plugin giving CAS the ability to authenticate users with different methods • 3 packages – esup-casgeneric • The CAS Generic Handler, to be deployed into the cas-server sources hierarchy – esup-cas-server • The CAS Generic Handler, already shipped into CAS server – esup-cas-quick-start • An Apache Jakarta Tomcat-based package for CAS server, shipped with the Handler • Latest release in SourceForge – http://sourceforge.net/projects/esup-casgeneric/files/ • Documentations – http://www.esup-portail.org/consortium/espace/SSO_1B/tech/cas/cas_install.html Open Apereo 2015 13
  • 14. 2003-2007: Esup cas-generic User Interface at UPMC with esup-cas-server Open Apereo 2015 14
  • 15. 2008-2011: Esup cas-toolbox Ant-based project and Jasig CAS v3 Server • Overview – Deploying a CAS server into an existing Tomcat installation – Simplifying CAS configuration – Customizing the CAS server – Building quickstart distributions • Handle different configuration customization levels – An 'update' folder: containing add-ons to the original CAS Server – A 'custom' folder : every customized aspects (skin, Java sources, configurations) – A 'config.properties' file: properties used by the Spring configuration files • Latest release in SourceSup and based on CAS v3.4.7 – https://sourcesup.renater.fr/frs/?group_id=401&release_id=1461 • Documentations – https://wiki.jasig.org/display/CAS/CAS-toolbox – https://subversion.renater.fr/cas-toolbox/tags/3.4.7-1/README Open Apereo 2015 15
  • 16. 2008-2011: Esup cas-toolbox Deployment Example • Download cas-toolbox.X-Y.tar.gz from https://sourcesup.renater.fr/projects/cas-toolbox/ and expand • Rename build.sample.properties to build.properties • Set the deploy.path property in build.properties • Rename config.sample.properties to config.properties • Configure config.properties (and set customizations in the custom directory) • Initialize by running ant init • Deploy into an existing Tomcat by running ant deploy • Start Tomcat and browse http://localhost:8080/cas Open Apereo 2015 16
  • 17. 2008-2011: Esup cas-toolbox v3 UI with Esup-portail Theme (v3.4.7) Open Apereo 2015 17
  • 18. Open Apereo 2015 Higher Education ... Open Source in a New Age NEW ESUP CAS TOOLBOX V3 AND V4 2011-2014 Esup CAS-toolbox-new v3 (CAS server 3.4.1x) 2014-… Esup CAS-toolbox-new v4 (CAS server 4.0.x) Open Apereo 2015 18
  • 19. Maven WAR Overlay General principles • Local sources control (with Git) that contains only specific dependencies, configurations and customizations of the institution – The pom.xml (Project Object Model) file describes the project, its dependencies and automated tasks… – Added or modified files or directories: .java, .properties, .xml,… • Rebuilding of the Web application ARchive (WAR to deploy within Tomcat) – From the original release version of the CAS server defined in the pom.xml file – With all configurations and customizations in superposition • Replacement of original files • Documentations – https://wiki.jasig.org/display/CASUM/Best+Practice+- +Setting+Up+CAS+Locally+using+the+Maven+WAR+Overlay+Method – http://jasig.github.io/cas/current/installation/Maven-Overlay-Installation.html Open Apereo 2015 19
  • 20. Maven WAR Overlay Examples and demos for CAS server • CAS server 3.4.1x – https://subversion.renater.fr/cas-toolbox/branches/cas-toolbox-new/ – https://github.com/EsupPortail/cas-toolbox-new/tree/v3.4.x • CAS server 3.5.x – https://github.com/UniconLabs/simple-cas-overlay-template – https://github.com/Unicon/unicon-cas-overlay – https://github.com/leleuj/cas-overlay-3.5.x • CAS server 4.0.x – https://github.com/leleuj/cas-overlay-demo – https://github.com/UniconLabs/simple-cas4-overlay-template – https://github.com/EsupPortail/cas-toolbox-new/tree/v4.0.x Open Apereo 2015 20
  • 21. Esup cas-toolbox-new v3 and v4 Maven-based project and CAS 3.4.1x / 4.0.x • Overview of the new toolbox capabilities – Deploying a CAS server into an existing Tomcat installation – Simplifying and centralizing CAS configuration • config.properties file and Authentication “HandlersDiscover” functionality – Esup pre-settings and add-ons • Esup Theme, LDAP, Logging, TraceMe, Stats, BlockAttack, SAML 1.1… • Configured modules that user can activate : Memcached, Rest… – Quickstart built with Ant • Initial works of simplification of the projet Esup cas-toolbox (J. Marchal) – https://subversion.renater.fr/cas-toolbox/branches/cas-toolbox-new/ • Svn2git, transfer and update of the project on Github (L. Auxepaules) – https://github.com/auxepaul/cas-toolbox-new Open Apereo 2015 21
  • 22. Esup cas-toolbox-new v3 & v4 Files and Directories organization • cas-toolbox-core (Esup addons and preconfigurations) – src/main • java • webapp – pom.xml • cas-toolbox-custom (University customizations and addons) – src/main • webapp – pom.xml • etc (HowTo and « scripts » examples) • config.sample.properties (« localhost » configuration) • pom.xml • Better differentiation between the Esup and the Institution customizations and configurations • An integrator can easily copy the files from cas-toolbox-core (or the Apereo CAS project) to cas-toolbox-custom and then modify the files Open Apereo 2015 22
  • 23. Esup cas-toolbox-new v3 and v4 UI with the Esup Theme Open Apereo 2015 23
  • 24. Esup cas-toolbox-new v3 and v4 UI with the UPMC Theme (v3.4.12.1) Open Apereo 2015 24
  • 25. Esup cas-toolbox-new v3 and v4 Statistics, Monitoring and Logs • Esup Stats Page: /cas/stats.jsp SERVICE_TICKET_CREATED : 1 TICKET_GRANTING_TICKET_CREATED : 1 AUTHENTICATION_SUCCESS : 1 AUTHENTICATION_FAILED : 1 SERVICE_TICKET_VALIDATED : 1 TICKET_GRANTING_TICKET_NOT_CREATED : 1 • Apereo Monitoring Page: /cas/status Health: OK 1.MemoryMonitor: OK - 418,07MB free, 623,54MB total. 2.SessionMonitor: OK - 1 sessions. 0 service tickets. • Esup User and Service Stats Logs: serviceStats.log [Sun May 31 16:01:15 CEST 2015] [IP:127.0.0.1] [ID:admin] [TICKET:ST-1-ZW74nIKOVEECbowbB0BT-localhost] [SERVICE:http://localhost:8080/cas-management/j_spring_cas_security_check] [USER-AGENT:Mozilla/5.0 (Windows NT 6.3; WOW64; rv:38.0) Gecko/20100101 Firefox/38.0] • Apereo Performance Statistics Logs: perfStats.log Performance Statistics 2015-05-31 16:01:00 - 2015-05-31 16:02:00 Tag Avg(ms) Min Max Std Dev Count AUTHENTICATE 21,0 21 21 0,0 1 CREATE_TICKET_GRANTING_TICKET 25,0 25 25 0,0 1 GRANT_SERVICE_TICKET 3,0 3 3 0,0 1 VALIDATE_SERVICE_TICKET 1,0 1 1 0,0 1 25Open Apereo 2015
  • 26. Esup cas-toolbox-new v3 and v4 Logging in Log4j.xml • Tickets: tickets.log 2015-05-31 16:01:15,606 INFO [org.jasig.cas.CentralAuthenticationServiceImpl] - Granted service ticket [ST- 1-ZW74nIKOVEECbowbB0BT-localhost] for service [http://localhost:8080/cas- management/j_spring_cas_security_check] for user [admin] • Success and failed authentications, blockAttack: auth.log (works with CAS 3) Thu Dec 18 15:47:00 CET 2014 - AUTHENTICATION_FAILED for '[username: admin]' from '127.0.0.1' AccountLockingService::incrementAttempts() : [admin] - number of attempts : 3 of 3AccountLockingService::isAccountLocked() : [admin] added to user list AccountLockingService::isAccountLocked() : [admin] locked Account "admin" is locked for : 3 s AccountLockingService::run() : [admin] removed from user list Thu Dec 18 15:48:00 CET 2014 - AUTHENTICATION_SUCCESS for '[username: admin]' from '127.0.0.1‘ • Rejected Services: rejectedServices.log 2015-05-31 16:02:31,091 WARN [org.jasig.cas.web.flow.ServiceAuthorizationCheck] - ServiceManagement: Unauthorized Service Access. Service [http://loc:8080/cas-management/j_spring_cas_security_check] is not found in service registry. • CAS management Services: cas-management.log 2015-05-31 16:01:15,606 INFO [org.jasig.cas.CentralAuthenticationServiceImpl] - Granted service ticket [ST- 1-ZW74nIKOVEECbowbB0BT-localhost] for service [http://localhost:8080/cas- management/j_spring_cas_security_check] for user [admin] • Trace (used by Esup AGIMUS-ng: Indicators and Usage): trace.log TRACE-1-70RFFjeWwSqCfoqwHxUoimyMBELrhdlqAjhtlhoIpChkFnuG5f-localhost:admin 26Open Apereo 2015
  • 27. Esup cas-toolbox-new v3 and v4 Deployment Example • git clone https://github.com/EsupPortail/cas-toolbox-new.git • git checkout v4.0.x • Rename config.sample.properties to config.properties • Set the deploy.path property in config.properties • Configure config.properties • (Set customizations in the cas-toolbox-custom directory) • Initialize and deploy in an existing Tomcat by running mvn clean package • Start Tomcat and browse http://localhost:8080/cas http://localhost:8080/cas-management Open Apereo 2015 27
  • 28. Esup cas-toolbox-new v3 and v4 Authentication handlers « Discover » • Set Handlers to use in config.properties (reported in esup.properties file) # Handler to use (cf casWEB-INF*.auth.xml to find id) # - ldapFastBindHandler : make a fast bind in ldap (AD or direct bind configuration) # - ldapFullBindHandler : make a search after a bind with find dn (OpenLdap or anonymous) # - fileEncAuthHandler : use a flat encoded file # - filePlainAuthHandler : use a flat plaintext file authHandlers=fileEncAuthHandler # IF USE ldapFullBindHandler #authHandlers=fileEncAuthHandler,ldapFullBindHandler authResolvers=primaryPrincipalResolver # IF USE ldapFullBindHandler #authResolvers=primaryPrincipalResolver,ldapPrincipalResolver defaultResolver=primaryPrincipalResolver • HandlersDiscover JAVA class: org.esupportail.cas.HandlersDiscover.java – Browse the list of authentication Handlers, the list of authentication Resolvers – Put each couple <AuthHandler, AuthResolver> within the HandlerMap used by Authentication Manager bean • Handlers to discover within srcmainwebappWEB-INFauth-configuration*- auth.xml Open Apereo 2015 28
  • 29. Esup cas-toolbox-new v3 and v4 Authentication handlers « Discover » • HandlerDiscover bean defined in srcmainwebappWEB- INFdeployerConfigContext.xml <bean id="authenticationManager" class="org.jasig.cas.authentication.PolicyBasedAuthenticationManager"> <constructor-arg ref="handlerMap"/> ... <property name="authenticationPolicy"> <bean class="org.jasig.cas.authentication.AnyAuthenticationPolicy" /> </property> </bean> <bean id="handlerMap" class="org.springframework.beans.factory.config.MapFactoryBean"> <property name="sourceMap"> <map> <entry key-ref="proxyAuthenticationHandler" value-ref="proxyPrincipalResolver" /> </map> </property> </bean> <bean id="handlerDiscover" class="org.esupportail.cas.HandlersDiscover"> <property name="handlersId" value="${cas.authHandlers}"/> <property name="resolversId" value="${cas.authResolvers}"/> <property name="defaultResolverId" value="${cas.defaultResolver}"/> <property name="mapToAdd" ref="handlerMap"/> </bean> Open Apereo 2015 29
  • 30. Apereo CAS v4.0.x Some new features, changes, updates • New CAS 3.0 protocol: User attributes in ticket validation response • Greater modularity and new submodules – Services management, SAML 1.1 • Redesign authentication API • Updated or replaced dependencies – Spring LDAP  Ldaptive – REST module – CredentialsToPrincipalResolver, ***Credentials*** class or attributes  ***Credential*** • User Interface improvements (“Responsive”)  Source code not backward-compatible with 3.x – Difficulties to export some configurations and customizations from 3.x to 4.x • For more information – The latest about the Central Authentication Service, Tomorrow from 10:15pm to 11:00pm • http://lanyrd.com/2015/apereo/sdmmpw/ – http://jasig.github.io/cas/current/ Open Apereo 2015 30
  • 31. Esup cas-toolbox-new v4 Things to do and Perspectives • Fix bugs and test some functionalities and modules – Fix SAML 1.1 (search filter bug), echos in cas.log… – Set and Test Memcached – Test REST • Add and test new maven tasks to support development activities – mvn jetty:run or mvn jetty;run-war – mvn tomcat7:deploy or mvn tomcat7:redeploy • Rewrite HowTo guides, documentations and links to the Apereo CAS documentations and guides • Replace old Esup functionalities by “equivalent” Apereo functionalities – BlockAttacks  Throttling Authentication Attempts 31Open Apereo 2014
  • 32. Esup cas-toolbox-new v4 Things to do and Perspectives • Set a new Esup theme (Responsive Web Design) • Add and preset new authentication configurations – Spnego (Kerberos Windows), Trusted (REMOTE_USER)… • Add and preset other modules and functionalities of the Apereo CAS server – LPPE, Clearpass • Study (and create?) more “specific” projects based on – RBAC (Role-Based Access Control) by service with CAS and Grouper – MFA (Multi-Factor Authentication) with the LOA implementation 32Open Apereo 2014
  • 33. Open Apereo 2015 Higher Education ... Open Source in a New Age DEMONSTRATION 33Open Apereo 2015
  • 34. Demonstration Windows demonstration environment • Quickstart uPortal 4.1 – C:/portal – Apache Maven 3.0.4 – Apache Tomcat 7.0.32 • Running scripts of tomcat in the apache-tomcat-7.0.32/bin directory – startup.bat et shutdown.bat • Oracle Java JDK 1.7 • Environment variables – JAVA_HOME, JAVA_OPTS, CATALINA_OPTS – Path : MAVEN_HOME%bin • Git : Github for Windows 34Open Apereo 2014